09/469,505 Patent 
AMENDMENT AND PRESENTATION OF CLAIMS 

Please replace all prior claims in the present application with the following claims, in 

which claims 1 and 28 are currently amended. 

1. (Currently Amended) A method for tracking denial-of-service floods, the method 
comprising: 

rerouting a DoS flood attack datagram to a tracking router, wherein the tracking router 
forms an overlay tracking network with respect to an egress edge router; and 

identifying , by the tracking router, an ingress edge router that forwarded the DoS flood 
attack datagram. 

2. (Original) The method according to claim 1, further comprises executing security 
diagnostic functions. 

3. (Original) The method according to claim 2, wherein the security diagnostic 
functions comprise input debugging. 

4. (Original) The method according to claim 1, wherein the overlay tracking network is 
within an autonomous system that is different from another autonomous system corresponding 
to the ingress edge router and the egress edge router. 

5. (Original) The method according to claim 4, further comprising providing routing 
information by the overlay tracking network to the ingress edge router and the egress edge 
router using an inter-administrative-domain routing/signaling protocol. 
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6. (Original) The method according to claim 5, wherein the inter-administrative-domain 
routing/signaling protocol is BGP (Border Gateway Protocol). 

7. (Original) The method according to claim 1, further comprising communicating 
between the edge routers and the tracking router via tunnels that are created over an unreliable 
datagram delivery service protocol. 

8. (Original) The method according to claim 1, further comprising communicating 
between the edge routers and the tracking router via virtual connections over a separate lower 
layer protocol. 

9. (Original) The method according to claim 1. further comprising communicating 
between the edge routers and the tracking router via physical connections. 

10. (Original) The method according to claim 1, further comprising routing the DoS flood 
attack datagram from the ingress edge router to the tracking router, wherein the egress edge 
router has a static route to the victim. 

11. (Original) The method according to claim 10, further comprising announcing the 
static route to the edge routers using an inter-administrative-domain routing/signaling protocol. 
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12. (Original) The method according to claim 11, wherein the inter-administrative- 
domain routing/signaling protocol in the announcing step is EBGP (External Border Gateway 
Protocol). 

13. (Original) The method according to claim 11, further comprising establishing another 
static route between the egress router and an external router associated with a victim node, the 
victim node receiving the DoS flood attack datagram. 

14. (Original) A communication system for tracking denial-of-service (DoS) floods, the 
communication system comprising: 

a plurality of edge routers including an ingress edge router and an egress edge router, each 
of the edge routers being configured to perform security diagnostic functions, in part, to identify 
a DoS flood attack datagram, wherein the ingress edge router is associated with a source of the 
DoS flood attack datagram; and 

a tracking router adjacent to the egress edge router, the tracking router being configured 
to perform the security diagnostic functions, the ingress edge router rerouting the DoS flood 
attack datagram to the tracking router as to permit identification of the ingress edge router, 
wherein the tracking router forms an overlay tracking network with respect to the plurality of 
edge routers. 

15. (Original) The system according to claim 14, wherein the security diagnostic 
functions comprise input debugging. 
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16. (Original) The system according to claim 14, wherein the overlay tracking network is 
within an autonomous system that is different from another autonomous system corresponding to 
the plurality of edge routers. 

17. (Original) The system according to claim 16, wherein the tracking router 
communicates routing information by the overlay network to the one edge router using an inter- 
administrative-domain routing/signaling protocol. 

18. (Original) The system according to claim 17, wherein the inter-administrative-domain 
routing/signaling protocol is BGP. 

19. (Original) The system according to claim 14, wherein the tracking router 
communicates with the edge routers via tunnels that are created over an unreliable datagram 
delivery service protocol. 

20. (Original) The system according to claim 14, wherein the tracking router 
communicates with the edge routers via virtual connections over a separate lower layer protocol. 

21. (Original) The system according to claim 14, wherein the tracking router 
communicates with the edge routers via physical connections. 

22. (Original) The system according to claim 14, wherein the overlay tracking network 
further comprises additional tracking routers. 
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23. (Original) The system according to claim 22, wherein the tracking routers are 
interconnected via tunnels that are created over an unreliable datagram delivery service protocol. 



24. (Original) The system according to claim 22, wherein the tracking routers are 
interconnected via virtual connections over a separate lower layer protocol. 

25. (Original) The system according to claim 22, wherein the tracking routers are 
interconnected via physical connections. 

26. (Original) The system according to claim 14, wherein the ingress edge router routes 
the DoS flood attack datagram to the tracking router due to a dynamic routing update from the 
tracking router. 

27. (Original) The system according to claim 26, further comprising an external router 
coupled to the egress edge router via another static route, wherein the external router is 
associated with a victim node, the victim node receiving the DoS flood attack datagram. 

28. (Currently Amended) A computer-readable medium carrying one or more sequences 
of one or more instructions for tracking denial-of-service floods (DoS), the one or more 
sequences of one or more instructions including instructions which, when executed by one or 
more processors, cause the one or more processors to perform the steps of: 

receiving a DoS flood attack datagram on an overlay network formed by a tracking router; 
identifying the DoS flood attack datagram; and 
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identifyin g, by the tracking router, a previous hop router associated with the DoS flood 
attack datagram to determine an ingress adjacency associated with the DoS flood attack. 



29. (Original) The computer-readable medium according to claim 28, wherein the 
computer readable medium further includes instructions for causing the one or more processors 
to perform the steps of: 

instructing the previous hop router to identify a respective previous hop router associated 
with the DoS flood attack datagram. 
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